What are the responsibilities and job description for the HIPAA Security Analyst- Visa Independent position at Shrive Technologies LLC?
- Regulatory Knowledge: Deep understanding of HIPAA Security Rule and NIST frameworks.
- Interoperability: Knowledge of standards like HL7 or FHIR to ensure the patient system communicates securely with other healthcare platforms.
- Critical Thinking: Balancing "clinical usability" with "risk reduction"—ensuring security measures don't slow down life-saving patient care
- Extensive Security experience especially in pharma space dealing with Patient data
- IT Business Analyst Responsibilities
- Requirements Gathering: Collaborates with clinical staff and administrators to define what the system must do, such as managing Electronic Health Records (EHR) or billing.
- Process Optimization: Identifies bottlenecks in patient flow or data entry and recommends technical solutions to streamline these tasks.
- User Support & Training: Translates complex technical features into actionable training for doctors, nurses, and administrative staff.
- Security Analyst Responsibilities
- Focuses on the protection of Electronic Protected Health Information (ePHI) and regulatory compliance.
- Risk Assessments: Conducts regular audits to identify vulnerabilities in the system’s architecture, data flows, and third-party integrations.
- Access Management: Implements "least-privilege" access and Multi-Factor Authentication (MFA) to ensure staff only see the patient data necessary for their specific roles.
- Incident Response: Detects and responds to security threats, such as phishing or data breaches, and leads the recovery process while documenting findings for legal compliance.
- Vendor Oversight: Manages Business Associate Agreements (BAAs) with system vendors to ensure they meet the organization's security standards
- Effective collaboration with product, data, and business teams
- Good communication and documentation skills and can work with executive leadership on daily basis
- Good functional and domain knowledge of Pharma domain
- Health care specific certification good plus:
- HCISPP (HealthCare Information Security and Privacy Practitioner): The gold standard for this specific role; it covers healthcare risk, governance, and the legal aspects of patient data.
- C PHIMS (Certified Professional in Healthcare Information and Management Systems): Focuses on the "Business Analyst" side—improving clinical outcomes through better technology management.
- Core Security & Audit (Must have):
· CISSP (Certified Information Systems Security Professional): Best for high-level security strategy and architecture.
· CISA (Certified Information Systems Auditor): Critical for the "Analyst" side, focusing on auditing system controls and reporting.
· CISA (Certified Information Systems Auditor): Critical for the "Analyst" side, focusing on auditing system controls and reporting.
- Process & Business Analysis (Must have):
· CBAP (Certified Business Analysis Professional): For mastering requirements gathering and process modeling.
· ITIL 4 Foundation: Useful for understanding how to manage IT services in a high-stakes environment like a hospital
· ITIL 4 Foundation: Useful for understanding how to manage IT services in a high-stakes environment like a hospital
- Essential Compliance documentation prior experience(must have):
- SRA (Security Risk Assessment) : A living document that identifies where ePHI is stored, transmitted, or at risk. This is a mandatory HIPAA requirement.
- BAA (Business Associate Agreements): ): Contracts with third-party vendors) ensuring they also follow strict security standards